<?php
// +----------------------------------------------------------------------
// | ThinkCMF [ WE CAN DO IT MORE SIMPLE ]
// +----------------------------------------------------------------------
// | Copyright (c) 2013-2014 http://www.thinkcmf.com All rights reserved.
// +----------------------------------------------------------------------
// | Author: Dean <zxxjjforever@163.com>
// +----------------------------------------------------------------------
namespace plugins\wechat_zhl\controller; //Demo插件英文名，改成你的插件英文就行了

use cmf\controller\PluginBaseController;

class AdminWechatYanzhenController extends PluginBaseController
{
    function index(){
        file_put_contents('1.txt','微信访问',FILE_APPEND);

        $appId = $this->request->param('id');
        $WechatSettings = cmf_get_option('wechat_settings');
        if (!empty($WechatSettings['wechats'][$appId])) {
            $token=$WechatSettings['wechats'][$appId]['app_token'];
            $app_id= $WechatSettings['wechats'][$appId]['app_id'];
            $app_secret= $WechatSettings['wechats'][$appId]['app_secret'];
            $echoStr = $this->request->param('echostr');
            $nonce=$this->request->param('nonce');
            $timestamp=$this->request->param('timestamp');
            $signature=$this->request->param('signature');
            if($this->checkSignature($nonce,$timestamp,$signature,$token)){
                file_put_contents('1.txt','通过验证',FILE_APPEND);
                echo $echoStr;
                //如果你不知道是否验证成功  你可以先echo echostr 然后再写一个东西
                exit;
            }

        }else{
            $this->error('该平台未接入');
        }

    }

    private function checkSignature($nonce,$timestamp,$signature,$token)
    {

        //定义你在微信公众号开发者模式里面定义的token
        $token  = $token;
        //三个变量 按照字典排序 形成一个数组
        $tmpArr = array(
            $token,
            $timestamp,
            $nonce
        );
        // use SORT_STRING rule
        sort($tmpArr, SORT_STRING);
        $tmpStr = implode($tmpArr);
        //哈希加密  在laravel里面是Hash::
        $tmpStr = sha1($tmpStr);
        //按照微信的套路 给你一个signature没用是不可能的 这里就用得上了
        if ($tmpStr == $signature) {
            return true;
        } else {
            return false;
        }
    }// checkSignature end
}
